Suppose you have a SharePoint server set up, with one web application that runs in an IIS virtual on port 80, and the exension of that web app running in a virtual on port 443 for SSL. This allows one IP address to access a site collection
using SSL, and a different IP address for non-SSL.

You can set up DNS to have a wildcard that points to non-SSL, and then explicit entries to redirect certain sites to the SSL virtual, like so:

This says: if you arrive at this site using port 80, I'm going to redirect you (R=301) to https and port 443.

Ok, next goal. With WSS (Windows SharePoint Services) Search, the indexer is configured on the web application level, which means the protocol in the URL (http vs https) is important.

Suppose a user enters http://teamsite.wss.ul02.local. The redirect rule from above sends the browser to https://teamsite.wss.ul02.local, and loads the page. Then suppose a user enters a search in the form and clicks the button, SharePoint grabs the browser
URL string, which in this case is https..., and sends that to the search server for results. Like so:

The results are all links to the non-SSL site, but this doesn't matter because it is already fixed with the redirect from before, so you click a link in the results to get to an item, and the redirect keeps you on the SSL site.